Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-43573
7.7 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Activity log
- Created suggestion
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.
References
-
GitHub Security Advisory (GHSA-527m-976r-jf79) vendor-advisory
-
Patch Commit patch
Affected products
OpenClaw
- <2026.4.10
- ==2026.4.10
Package maintainers
-
@chrisportela Chris Portela <chris@chrisportela.com>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>